author | Stephen Gallagher <sgallagh@redhat.com> | 2013-08-15 19:36:26 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-27 17:05:15 +0200 |
commit | aeb1e654c337037b6bdb350e1ec8aaa065e86794 (patch) | |
tree | 080a1a2a7129006be55e61db158154f8a226432f /src/man/sssd-krb5.5.xml | |
parent | fe1afaccc7c9a99df823a7c44cd89fc3c619715a (diff) | |
KRB5: Add support for KEYRING cache type
https://fedorahosted.org/sssd/ticket/2036
Diffstat (limited to 'src/man/sssd-krb5.5.xml')
-rw-r--r-- | src/man/sssd-krb5.5.xml | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml index df124b4d2..720f39b7b 100644 --- a/src/man/sssd-krb5.5.xml +++ b/src/man/sssd-krb5.5.xml @@ -158,12 +158,15 @@ <term>krb5_ccname_template (string)</term> <listitem> <para> - Location of the user's credential cache. Two credential - cache types are currently supported: <quote>FILE</quote> - and <quote>DIR</quote>. The cache can be specified either - as <replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute - path, which implies the <quote>FILE</quote> type. In the - template, the following sequences are substituted: + Location of the user's credential cache. Three + credential cache types are currently supported: + <quote>FILE</quote>, <quote>DIR</quote> and + <quote>KEYRING:persistent</quote>. The cache can + be specified either as + <replaceable>TYPE:RESIDUAL</replaceable>, or as an + absolute path, which implies the + <quote>FILE</quote> type. In the template, the + following sequences are substituted: <variablelist> <varlistentry> <term>%u</term> @@ -209,6 +212,14 @@ used to create a unique filename in a safe way. </para> <para> + When using KEYRING types, the only supported + mechanism is <quote>KEYRING:persistent:%U</quote>, + which uses the Linux kernel keyring to store + credentials on a per-UID basis. This is also the + recommended choice, as it is the most secure and + predictable method. + </para> + <para> Default: FILE:%d/krb5cc_%U_XXXXXX </para> </listitem> |
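Review bot: In the first hunk (@@ -158,12 +158,15 @@), the new sentence lists "KEYRING:persistent" as a credential cache type next to "FILE" and "DIR", but the following sentence defines the format as TYPE:RESIDUAL, which makes "persistent" part of the residual rather than the type. Suggest listing the type as "KEYRING" here, so all three entries are bare types, and leaving the "persistent:%U" residual to the paragraph added in the second hunk.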
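Review bot: In the second hunk (@@ -209,6 +212,14 @@), the added paragraph calls "KEYRING:persistent:%U" the recommended choice, yet the unchanged line right after it still reads "Default: FILE:%d/krb5cc_%U_XXXXXX", so the man page recommends one value and defaults to another without saying why. Add a sentence explaining why the default stays FILE, and document what happens when the template names a KEYRING form other than "persistent:%U", since the text says it is the only supported mechanism but not how an unsupported value is handled. The claim "most secure and predictable" would also be more useful to an administrator if it named the property it rests on, for example the per-UID storage in the kernel keyring that the same sentence already mentions.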